Nigerian spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 29 Jan 2024 14:02:24 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rUYlh-00000000BfI-2QC5
for dave@doctor.nl2k.ab.ca;
Mon, 29 Jan 2024 14:02:13 -0700
Resent-From: The Doctor
Resent-Date: Mon, 29 Jan 2024 14:02:13 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f48.google.com ([209.85.167.48]:58639)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rUXfj-000000001kC-3hZe
for doctor@doctor.nl2k.ab.ca;
Mon, 29 Jan 2024 12:52:02 -0700
Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-5102a2e4b7bso4681518e87.1
for; Mon, 29 Jan 2024 11:50:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1706557798; x=1707162598; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=98OqNx7VC6rCHBqpCGPNNF9FPmGX6MADeHK5ES28AUY=;
b=UC/vVUe96QoYDymzQ4I0gHjov/GRf9lQmFC+UXTXGtXJSQ68zdyabBVI7+Il8ArW6R
5/3XLUhI3FFJoHKCclPuB/dpznY2QIfY/apyiNhQN8P64Ol9abgB0b0KXEBCigzdN8FK
pBiDk4Ct45pWOAQbfVTQmFCNxaUy8/UPgN+kyb4IEYKCXRYWCvZQJEHpSP6xqQLF86v+
YiLw9uV1YsYl1geuFpXBJkeUn/yQLdP61hfSfC46Mcej2WAer9XAaIooUHZfNByZfZjr
pvw+l3xBUdFXYqAwK69z9TxhQ6eZTPorZRFu3jivrnZNNOXkv/OwU2OI2yEd8ywBwPSg
aDFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1706557798; x=1707162598;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=98OqNx7VC6rCHBqpCGPNNF9FPmGX6MADeHK5ES28AUY=;
b=WX5+nFD62Dr/Qp5anGsCwhrHcl86AR7GGcF52SxkeJMU8UzgTQyQ0j4nIlFjnUiMVW
u1QqUE+LAC0pm0SerCSm6srWBT7nWdjsLyv9MQB/mPMWzxfb0l0mPpclb4noQYrbU3ZF
tXLeYiVQhIOYUKOcBZbV3l+32/EpQVQs8WjYndM46nKMNKVfa0MVatQOvBX0TYHNMVhO
+DIneTL8KSDcztBLodRgUwTJOgLAlk1gmilhDM8hHZU/MVivMQ5ZIiu+bZyCvLhk2hfA
B8pTAHYLZ4/ELSJ3LfOfVR8qmSZPEtSn5ZIY3JE9lMkwJ8DAggiG4i3PpSmVMaG+kMwB
Nvvg==
X-Gm-Message-State: AOJu0YyE9nJs07sz8a5UqrwPNwfODC+NQPMxYruEG1VHJ7c3Svw45sHm
4Q3bHrMUm4sq8N8XKl81DUxPP/1KmYNTSATTLL5/LWAZoXPVmnf++dsWjkjG7EYepyxAZ1Fgvwn
lihnoeYmC5iANR77c5Y2pIOP3mvyuyO6ouo1nWyb3
X-Google-Smtp-Source: AGHT+IEiDhP4XpsObyYZ1cZq6uvjDcmtZdn73pR0FSvU+qfHefqz7rEWfYOLwSCPCUl3Kg5AB/iUDKJCoatcV0effEs=
X-Received: by 2002:a17:906:d7b2:b0:a31:6811:bf99 with SMTP id
pk18-20020a170906d7b200b00a316811bf99mr5201806ejb.56.1706557427795; Mon, 29
Jan 2024 11:43:47 -0800 (PST)
MIME-Version: 1.0
From: Toma Karim
Date: Mon, 29 Jan 2024 09:43:36 -1000
Message-ID:
Subject: Immediate Reply.
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="00000000000045cc5006101add7f"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 7.1
X-Spam_score_int: 71
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Friend, How are you doing Today, My name is MR. TOMA
KARIM, and I am the Bill and Exchange Assistant Manager (BOA) BANK OF AFRICA.
I have a business deal worth (US$16.5 Million Dollars) to execute with you,
[...]
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.48 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[kzakari04(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[kzakari04(at)gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.48 listed in wl.mailspike.net]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} Immediate Reply.
X-Antivirus: AVG (VPS 240129-6, 1/29/2024), Inbound message
X-Antivirus-Status: Clean
--00000000000045cc5006101add7f
Content-Type: text/plain; charset="UTF-8"
Dear Friend,
How are you doing Today, My name is MR. TOMA KARIM, and I am the Bill and
Exchange Assistant Manager (BOA) BANK OF AFRICA. I have a business deal
worth (US$16.5 Million Dollars) to execute with you, it's legitimate' legal
and your personal Identity will not be compromised,
Will I have your support to achieve this great opportunity ???
Yours Sincerely,
Mr. Toma Karim.
+226 01659476
--00000000000045cc5006101add7f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
s-serif;font-size:15px">Dear Friend,
=3D"color:rgb(36,36,36);font-family:verdana,sans-serif;font-size:15px">
aria-hidden=3D"true" style=3D"color:rgb(36,36,36);font-family:verdana,sans-=
serif;font-size:15px">
a,sans-serif;font-size:15px">=C2=A0 How are you doing Today, My name is MR.=
TOMA KARIM, and I am the Bill and Exchange Assistant Manager (BOA) BANK OF=
AFRICA. I have a business deal worth (US$16.5 Million Dollars) to execute =
with you, it's legitimate' legal and your personal Identity will no=
t be compromised,
6);font-family:verdana,sans-serif;font-size:15px">
style=3D"color:rgb(36,36,36);font-family:verdana,sans-serif;font-size:15px"=
>
e:15px">Will I have your support to achieve this great opportunity ???
n>
,sans-serif;font-size:15px">
36,36);font-family:verdana,sans-serif;font-size:15px">
rgb(36,36,36);font-family:verdana,sans-serif;font-size:15px">Yours Sincerel=
y,
verdana,sans-serif;font-size:15px">
family:verdana,sans-serif;font-size:15px">Mr. Toma Karim.
dden=3D"true" style=3D"color:rgb(36,36,36);font-family:verdana,sans-serif;f=
ont-size:15px">
serif;font-size:15px">+226 01659476
--00000000000045cc5006101add7f--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 29 Jan 2024 14:02:24 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rUYlh-00000000BfI-2QC5
for dave@doctor.nl2k.ab.ca;
Mon, 29 Jan 2024 14:02:13 -0700
Resent-From: The Doctor
Resent-Date: Mon, 29 Jan 2024 14:02:13 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f48.google.com ([209.85.167.48]:58639)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rUXfj-000000001kC-3hZe
for doctor@doctor.nl2k.ab.ca;
Mon, 29 Jan 2024 12:52:02 -0700
Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-5102a2e4b7bso4681518e87.1
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1706557798; x=1707162598; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=98OqNx7VC6rCHBqpCGPNNF9FPmGX6MADeHK5ES28AUY=;
b=UC/vVUe96QoYDymzQ4I0gHjov/GRf9lQmFC+UXTXGtXJSQ68zdyabBVI7+Il8ArW6R
5/3XLUhI3FFJoHKCclPuB/dpznY2QIfY/apyiNhQN8P64Ol9abgB0b0KXEBCigzdN8FK
pBiDk4Ct45pWOAQbfVTQmFCNxaUy8/UPgN+kyb4IEYKCXRYWCvZQJEHpSP6xqQLF86v+
YiLw9uV1YsYl1geuFpXBJkeUn/yQLdP61hfSfC46Mcej2WAer9XAaIooUHZfNByZfZjr
pvw+l3xBUdFXYqAwK69z9TxhQ6eZTPorZRFu3jivrnZNNOXkv/OwU2OI2yEd8ywBwPSg
aDFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1706557798; x=1707162598;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=98OqNx7VC6rCHBqpCGPNNF9FPmGX6MADeHK5ES28AUY=;
b=WX5+nFD62Dr/Qp5anGsCwhrHcl86AR7GGcF52SxkeJMU8UzgTQyQ0j4nIlFjnUiMVW
u1QqUE+LAC0pm0SerCSm6srWBT7nWdjsLyv9MQB/mPMWzxfb0l0mPpclb4noQYrbU3ZF
tXLeYiVQhIOYUKOcBZbV3l+32/EpQVQs8WjYndM46nKMNKVfa0MVatQOvBX0TYHNMVhO
+DIneTL8KSDcztBLodRgUwTJOgLAlk1gmilhDM8hHZU/MVivMQ5ZIiu+bZyCvLhk2hfA
B8pTAHYLZ4/ELSJ3LfOfVR8qmSZPEtSn5ZIY3JE9lMkwJ8DAggiG4i3PpSmVMaG+kMwB
Nvvg==
X-Gm-Message-State: AOJu0YyE9nJs07sz8a5UqrwPNwfODC+NQPMxYruEG1VHJ7c3Svw45sHm
4Q3bHrMUm4sq8N8XKl81DUxPP/1KmYNTSATTLL5/LWAZoXPVmnf++dsWjkjG7EYepyxAZ1Fgvwn
lihnoeYmC5iANR77c5Y2pIOP3mvyuyO6ouo1nWyb3
X-Google-Smtp-Source: AGHT+IEiDhP4XpsObyYZ1cZq6uvjDcmtZdn73pR0FSvU+qfHefqz7rEWfYOLwSCPCUl3Kg5AB/iUDKJCoatcV0effEs=
X-Received: by 2002:a17:906:d7b2:b0:a31:6811:bf99 with SMTP id
pk18-20020a170906d7b200b00a316811bf99mr5201806ejb.56.1706557427795; Mon, 29
Jan 2024 11:43:47 -0800 (PST)
MIME-Version: 1.0
From: Toma Karim
Date: Mon, 29 Jan 2024 09:43:36 -1000
Message-ID:
Subject: Immediate Reply.
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="00000000000045cc5006101add7f"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 7.1
X-Spam_score_int: 71
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Friend, How are you doing Today, My name is MR. TOMA
KARIM, and I am the Bill and Exchange Assistant Manager (BOA) BANK OF AFRICA.
I have a business deal worth (US$16.5 Million Dollars) to execute with you,
[...]
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.48 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[kzakari04(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[kzakari04(at)gmail.com]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.48 listed in wl.mailspike.net]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs
1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} Immediate Reply.
X-Antivirus: AVG (VPS 240129-6, 1/29/2024), Inbound message
X-Antivirus-Status: Clean
--00000000000045cc5006101add7f
Content-Type: text/plain; charset="UTF-8"
Dear Friend,
How are you doing Today, My name is MR. TOMA KARIM, and I am the Bill and
Exchange Assistant Manager (BOA) BANK OF AFRICA. I have a business deal
worth (US$16.5 Million Dollars) to execute with you, it's legitimate' legal
and your personal Identity will not be compromised,
Will I have your support to achieve this great opportunity ???
Yours Sincerely,
Mr. Toma Karim.
+226 01659476
--00000000000045cc5006101add7f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
s-serif;font-size:15px">Dear Friend,
=3D"color:rgb(36,36,36);font-family:verdana,sans-serif;font-size:15px">
aria-hidden=3D"true" style=3D"color:rgb(36,36,36);font-family:verdana,sans-=
serif;font-size:15px">
a,sans-serif;font-size:15px">=C2=A0 How are you doing Today, My name is MR.=
TOMA KARIM, and I am the Bill and Exchange Assistant Manager (BOA) BANK OF=
AFRICA. I have a business deal worth (US$16.5 Million Dollars) to execute =
with you, it's legitimate' legal and your personal Identity will no=
t be compromised,
6);font-family:verdana,sans-serif;font-size:15px">
style=3D"color:rgb(36,36,36);font-family:verdana,sans-serif;font-size:15px"=
>
e:15px">Will I have your support to achieve this great opportunity ???
n>
,sans-serif;font-size:15px">
36,36);font-family:verdana,sans-serif;font-size:15px">
rgb(36,36,36);font-family:verdana,sans-serif;font-size:15px">Yours Sincerel=
y,
verdana,sans-serif;font-size:15px">
family:verdana,sans-serif;font-size:15px">Mr. Toma Karim.
dden=3D"true" style=3D"color:rgb(36,36,36);font-family:verdana,sans-serif;f=
ont-size:15px">
serif;font-size:15px">+226 01659476
--00000000000045cc5006101add7f--